147 matches found
Mandriva Linux Security Advisory : zarafa (MDVSA-2015:040)
Updated zarafa packages fix security vulnerability : Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correc...
Updated zarafa packages fix CVE-2014-9465 and some packaging issues
Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correct...
MGASA-2015-0049 Updated zarafa packages fix CVE-2014-9465 and some packaging issues
Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess = 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp CVE-2014-9465. This update also adds some patches from Robert Scheck which correct...
Multiple Denial of Service Vulnerabilities in Zarafa WebAccess and WebApp
Zarafa is a commercial collaborative software solution that provides email and webmail services, address book, calendar, notes, tasks and more. Multiple denial-of-service vulnerabilities exist in Zarafa WebAccess and WebApp, which could allow an attacker to crash the affected application, resulti...
Zarafa WebAccess Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
Zarafa WebApp Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
Fedora Update for zarafa FEDORA-2014-13017
Check the version of zarafa SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868465";...
Fedora Update for zarafa FEDORA-2014-12989
Check the version of zarafa SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868466";...
Fedora 19 : zarafa-7.1.11-1.fc19 (2014-13017)
Zarafa Collaboration Platform 7.1.11 final R1 46050 ===================================================== General Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...
[SECURITY] Fedora 19 Update: zarafa-7.1.11-1.fc19
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an...
[SECURITY] Fedora 20 Update: zarafa-7.1.11-1.fc20
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an...
[SECURITY] Fedora 21 Update: zarafa-7.1.11-1.fc21
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an...
Fedora 21 : zarafa-7.1.11-1.fc21 (2014-12926)
Zarafa Collaboration Platform 7.1.11 final R1 46050 ===================================================== General Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...
Fedora 20 : zarafa-7.1.11-1.fc20 (2014-12989)
Zarafa Collaboration Platform 7.1.11 final R1 46050 ===================================================== General Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...
CVE-2014-5448
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files...
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions 644 for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...
Design/Logic Flaw
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...